Recently I documented my thoughts on “Deleting Data does not Purge Data“. My inclination was toward developing a policy which would formulate the “Data Destruction Policy” in our company.
We deal with confidential data all the time which is sent by clients for:
- Data Migration
- Checking Database Integrity
- Development
- Stress Testing
During this time, the data is passed around our highly qualified staff (who have signed a “Non-Disclosure” agreement). Many a times, we have seen the medium of transporting/transferring data is a secure channel. However some times, the channel storing/transferring confidential data could also be a “DVD”, “USB Drive” or even a “Magnetic Tape Drive”.
To safeguard the interest of our clients and our staff members, we have partnered with a “Digital Media/Data Destruction Company”. This company guarantees destruction of digital information from any external media at a nominal cost of ($15-$25) per incident.
The Data Destruction Company has signed a “Non-Disclosure” agreement. So the data/information is safe and not in unsafe hands.
Here is the process that we have set:
- Any disk/tape drive which needs to be destroyed should first be formatted by our company staff member.
- The staff member would also physically abuse (destroy) the disk with a hammer or melt the same if possible.
- We would then give the disk/drive to the “Data Destruction Company”
- During this time, the company would provide us with a receipt of the disk/drive and would inform us the date/time the data will be destroyed
- Once the data is destroyed, the company sends us a formal receipt that the data was destroyed and the task has been completed.
We have also published this process within our organization so that any staff member who believes that they have disk/data that needs to be destroyed can contact our IT staff members and take advantage of the new “Data Destruction Service”.
This is a process which has safeguarded our position with the clients and we have built a trust relationship where we respect the privacy and confidentiality of the data we receive.
The most difficult job is being a Network Administrator. The reason is simple:
- They have never get credit for what they do
- They always have a problem which does not have an easy solution
- Everyone complaints that the network performance is slow
Recently I was requested to document the Service Level Agreement (SLA) for our organization. The SLA is intended to provide guidance on how the network and telephony infrastructure is expected to perform, and the Network Team’s commitment to maintaining the quality and reliability of services provided to the enterprise.
The Structure of an SLA can be summarized by:
1.0 Statement Of Intent
1.1 Document Approvals
1.2 Document Review Dates
1.3 Time Conventions
2.0 About This Service
2.1 Services Covered Under This SLA
2.2 User Environment
2.2 User Support Services
3.0 About Service Availability
3.1 Scheduled Events That Impact Service Availability
3.2 Nonemergency Enhancements
3.3 Change Process
3.4 Change Management
4.0 Service Measures
5.0 Network Team Prioritizes
Network SLA cover all services under the administration of the Network Team, and includes, but is not limited to:
- Desktop Services
- LAN Services
- WAN Services
- Telephony Services
- Backup & Restore
- Security
- Audit
The SLA is governed by both the response time and the resolution time. Response time does not mean resolution. Response time is the time in which you will be contacted by a IT operations team member to triage/troubleshoot the issue.
Here is how we prioritize requests for support according to the following severity guidelines:
- Highest Severity (Response: Within 15 minutes)
Impacts the whole business unit (Department); Employee Termination; Involuntary Employee Termination; Phone System Affected; etc.
- High Severity (Response: Within 1-4 hours)
Workstation failure; etc.
- Normal Severity (Response: Within 2-4 hours)
Causes partial loss of productivity for an individual user; Cannot Receive Emails; etc.
- Low Severity (Response: Within 24-48 hours)
Hardware Approval; Software Upgrade; Email setup in Blackberry; A user needs administrative assistance; etc.
- Very Low Severity (Response: Within 1 week)
Enhancement requests are logged as Severity 5-Very Low Priority, but are reviewed and scheduled by the Network Team Advisory Board.
For an SLA to be honored the “Technology Resource Utilization Policy” should be used to bring accountability amongst the stakeholders and the Network Team. The purpose of the SLA is to ensure that the proper elements and commitment are in place to provide optimal data processing services for the business function.
Nainil Chheda,MS is the Knowledge Research Specialist at eClinicalWorks LLC, Member of ASTM, AMIA, AIIM, PDF/H, EHRVA, HITSP, AIS and ACM, and a practicing researcher on Healthcare Informatics.
